Legal

Privacy Policy

Effective: January 1, 2026 ยท Last reviewed: January 2026

Aethelgard Strategic Advisory LLC (“Aethelgard,” “we,” “us,” or “our”) respects the privacy of individuals who visit our website, correspond with our firm, apply for engagement opportunities, or otherwise interact with our practice. This Privacy Policy (the “Policy”) describes the categories of personal information we collect, the purposes for which we use that information, the parties with whom we share it, and the choices and rights available to you under applicable law.

This Policy is drafted to align with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”), to the extent each applies to your interaction with us. Where you are located outside the United States, please review the “International Users” section below.

1. Scope of This Policy

This Policy applies to personal information we collect through this website (the “Site”), through direct correspondence with our firm by electronic or postal means, in the course of pre-engagement counterparty due diligence, and through our engagement with applicants for professional opportunities. It does not apply to information you provide directly to third parties, including services that may be linked from the Site but operated independently of Aethelgard.

This Policy does not address personal information processed by Aethelgard solely on behalf of, and under the instructions of, our clients in the course of a defined engagement. Such processing is governed by the engagement agreement and any applicable data-processing addendum between Aethelgard and the client.

2. Categories of Personal Information We Collect

In the preceding twelve (12) months, we have collected, and may continue to collect, the following categories of personal information, as those categories are defined under the CCPA/CPRA:

  • Identifiers: name, postal address, email address, telephone number, organisational affiliation, professional title, IP address, and similar identifiers.
  • Customer records information: contact details and professional background, where voluntarily provided in the course of an enquiry or engagement discussion.
  • Commercial information: records of correspondence, scope-of-work discussions, and engagement terms, where applicable.
  • Internet or other electronic network activity information: browser type and version, operating system, referring URL, pages viewed, time spent on pages, click sequence, and approximate location derived from network metadata.
  • Geolocation data: approximate location at the city or regional level, derived from IP address; we do not collect precise geolocation data.
  • Professional or employment-related information: for prospective consultants and engagement counterparties, information regarding professional history, clearances or credentials (where voluntarily disclosed), and references.
  • Inferences: conclusions drawn from any of the above for the limited purpose of evaluating enquiries and conducting counterparty due diligence.

We do not knowingly collect categories of “sensitive personal information” as that term is defined under the CPRA, except in the limited circumstance that an enquirer or applicant voluntarily provides such information in correspondence. Where this occurs, we use such information solely for the purpose for which it was provided.

3. Sources of Personal Information

We obtain personal information from the following sources:

  • Directly from you: when you contact us, respond to our correspondence, submit an enquiry, apply for a professional opportunity, or otherwise interact with our firm.
  • Automatically: through standard server logs, cookies strictly necessary for Site functionality, and similar technologies described in Section 8 below.
  • From third parties: on a limited basis, from professional references and publicly available business directories used for counterparty verification.

4. Purposes for Which We Use Personal Information

We use the personal information described above for the following business and commercial purposes:

  • to respond to enquiries and conduct counterparty identity verification and due diligence;
  • to evaluate and negotiate prospective engagements;
  • to administer engagements, including correspondence, deliverable transmission, and invoicing;
  • to evaluate applications for professional opportunities at the firm;
  • to operate, maintain, secure, and improve the Site;
  • to detect, prevent, and respond to security incidents, fraud, or unlawful activity;
  • to comply with legal, regulatory, contractual, and audit obligations;
  • to enforce our agreements and protect the rights, property, and safety of Aethelgard, our personnel, our clients, and others;
  • for internal record-keeping and the establishment, exercise, or defence of legal claims.

We do not use personal information for purposes incompatible with those for which it was collected without first providing notice and, where required, obtaining consent.

5. Disclosure of Personal Information

We do not sell personal information for monetary or other valuable consideration. We do not share personal information for purposes of cross-context behavioural advertising. We do not engage in profiling that produces legal or similarly significant effects.

We may disclose personal information to the following categories of recipients, in each case subject to appropriate confidentiality and use-limitation obligations:

  • Service providers and processors acting on our documented instructions, including hosting providers, secure communication platforms, professional services firms, and IT support providers;
  • Professional advisors, including legal counsel, accountants, auditors, and insurers;
  • Affiliated entities within the Aethelgard corporate family, where applicable;
  • Authorities and other parties where required by law, valid legal process, court order, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Aethelgard, our personnel, our clients, or the public;
  • In connection with a business transaction, such as a merger, financing, acquisition, reorganisation, or sale of assets, in which event personal information may be transferred to the successor in interest subject to the terms of this Policy.

6. Information Security

We maintain administrative, technical, and physical safeguards reasonably designed to protect personal information against unauthorised access, alteration, disclosure, loss, or destruction. These measures include role-based access controls, encryption of data in transit and, where appropriate, at rest, and routine security review of our systems and service providers. Substantive engagement communication is conducted over end-to-end encrypted channels.

No method of transmission or electronic storage is, however, entirely secure. We cannot guarantee the absolute security of personal information.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, contractual, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. Indicative retention periods:

  • Routine enquiry correspondence: typically up to twenty-four (24) months from last interaction, unless a longer period is required.
  • Engagement records: for the duration of the engagement and a defined statutory retention period thereafter, generally not less than seven (7) years.
  • Applicant records: typically up to twelve (12) months from the conclusion of the recruitment process, or longer where the applicant consents to inclusion in our talent pipeline.
  • Server log files: typically thirty (30) to ninety (90) days, except where retained longer for security investigation purposes.

8. Cookies and Similar Technologies

We use only strictly necessary first-party cookies and similar technologies required for the operation, security, and basic functionality of the Site. We do not use advertising cookies, profiling cookies, or third-party tracking technologies. We do not embed third-party analytics, social-media, or advertising scripts.

Your browser may be configured to refuse cookies or to alert you when cookies are sent. The Site will continue to function with strictly necessary cookies disabled, though some features may not perform as intended. We do not currently respond to browser “Do Not Track” signals as no industry-wide standard for honouring such signals has been adopted.

9. Marketing Communications

We do not send unsolicited marketing communications, newsletters, or commercial promotions. Where we correspond with you, it is in direct response to an enquiry, in furtherance of an existing engagement, or in connection with an applicant or counterparty relationship.

10. Children’s Privacy

The Site and our services are not directed to individuals under sixteen (16) years of age, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete that information.

11. International Users

This Site is operated from the United States. If you access the Site from, or provide personal information to us while located outside the United States, you acknowledge that the personal information you provide will be transferred to and processed in the United States, where data-protection laws may differ from those of your jurisdiction. Where required, we rely on appropriate safeguards for such transfers, including standard contractual clauses or other lawful mechanisms.

12. Your Rights Under U.S. State Privacy Laws

Depending on your state of residence, you may have one or more of the following rights with respect to personal information we have collected about you:

  • Right to know / right of access: to confirm whether we process personal information about you, and to obtain a copy of the specific pieces of personal information we have collected.
  • Right to correct: to request correction of inaccurate personal information.
  • Right to delete: to request deletion of personal information, subject to applicable exceptions (for example, where retention is required by law or to complete a transaction).
  • Right to portability: to receive personal information you have provided to us in a structured, commonly used, machine-readable format, where technically feasible.
  • Right to opt out of sale or sharing: as noted, we do not sell personal information or share it for cross-context behavioural advertising, so this right is structurally inapplicable to our processing.
  • Right to limit use of sensitive personal information: to direct us to use sensitive personal information only for limited purposes specified by law.
  • Right to opt out of profiling: we do not engage in profiling that produces legal or similarly significant effects, so this right is structurally inapplicable.
  • Right to non-discrimination: we will not discriminate against you for exercising any of the rights described in this Policy.
  • Right to appeal: if we deny your request, you have the right to appeal that decision by following the instructions in our response, in jurisdictions where this right is granted by law.

13. How to Exercise Your Rights

To exercise any of the rights described above, contact us using the details in Section 16 below. We will acknowledge your request promptly and respond within the timeframes required by applicable law (generally within forty-five (45) days, with a permitted extension where necessary).

We will verify your identity before processing any request, using information already in our records and, where necessary, additional information sufficient to confirm that the requester is the individual to whom the personal information relates. We will not use verification information for any purpose other than verification.

14. Authorised Agents

You may designate an authorised agent to submit a request on your behalf. We require the agent to provide written authorisation signed by you and, in certain cases, will independently verify your identity directly with you before processing the request.

15. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, applicable law, or other factors. Material changes will be reflected by an updated effective date at the top of this Policy and, where appropriate, additional notice. Your continued use of the Site or interaction with our firm following a revision constitutes acceptance of the updated Policy.

16. Contact Information

Privacy enquiries, rights requests, and complaints regarding our processing of personal information may be directed to:

Aethelgard Strategic Advisory LLC
Attn: Privacy Office
1209 Orange Street
Wilmington, DE 19801
United States

Email: privacy@aethelgard-advisory.com

If you reside in a U.S. state with an applicable data-protection authority, you also have the right to lodge a complaint with that authority. We encourage you to contact us first so that we may address your concerns directly.